Integrating Google Sign-In into your iOS app

Before you begin

Enable server-side API access for your app

With the earlier Enable sign-in procedure, your app
authenticates the user on the client side only; in that case,
your app is able to access the Google APIs only while the
user is actively using your app. With this procedure your servers can
make Google API calls on behalf of users or while they are offline.
For example, an photo app can enhance a photo by processing it
on a backend server. To do this, your server requires an access token
and a refresh token.

To obtain an access token and refresh token for your server, you can
request a one-time authorization code that your server exchanges for
these two tokens. You request the one-time code by specifying your
server's client ID along with your other GIDSignIn parameters.
After you successfully connect the user, you will find the one-time code
as the auth parameter server_code accessible via the
finishedWithAuth:error handler.

On your app's backend server, exchange the auth code for access and refresh
tokens. Use the access token to call Google APIs on behalf of the user and,
optionally, store the refresh token to acquire a new access token when the
access token expires.

If you requested profile access, you also get an ID token that contains
basic profile information for the user.